diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 62496dd8..4c98da22 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -6220,8 +6220,8 @@ Let $\ParamG{b} := 3$.
 (\hairspace $\ParamG{q}$ and $\ParamG{r}$ are prime.)
-Let $\GroupG{1}$ be the group of points on a Barreto--Naehrig curve $\CurveG{1}$ over
-$\GF{\ParamG{q}}$ with equation $y^2 = x^3 + \ParamG{b}$.
+Let $\GroupG{1}$ be the group of points on a Barreto--Naehrig (\cite{BN2005})
+curve $\CurveG{1}$ over $\GF{\ParamG{q}}$ with equation $y^2 = x^3 + \ParamG{b}$.
 This curve has embedding degree 12 with respect to $\ParamG{r}$.
 Let $\GroupG{2}$ be the subgroup of order $r$ in the sextic twist $\CurveG{2}$ of
@@ -6386,8 +6386,8 @@ Let $\ParamS{b} := 4$.
 (\hairspace $\ParamS{q}$ and $\ParamS{r}$ are prime.)
-Let $\GroupS{1}$ be the group of points on a Barreto--Lynn--Scott curve $\CurveS{1}$ over
-$\GF{\ParamS{q}}$ with equation $y^2 = x^3 + \ParamS{b}$.
+Let $\GroupS{1}$ be the group of points on a Barreto--Lynn--Scott (\cite{BLS2002})
+curve $\CurveS{1}$ over $\GF{\ParamS{q}}$ with equation $y^2 = x^3 + \ParamS{b}$.
 This curve has embedding degree 12 with respect to $\ParamS{r}$.
 Let $\GroupS{2}$ be the subgroup of order $\ParamS{r}$ in the sextic twist $\CurveS{2}$ of
@@ -8855,6 +8855,7 @@ found by Brian Warner.
 \item Specify support for \cite{BIP-111} (the \texttt{NODE\_BLOOM} service bit) in network protocol version $170004$.
 \item Give references \cite{Vercauter2009} and \cite{AKLGL2010} for the optimal ate pairing.
+ \item Give references for BLS \cite{BLS2002} and BN \cite{BN2005} curves.
 \item Define $\KASproutDerivePublic$ for $\KASproutCurve$.
 \item Caveat the claim about \noteTraceabilitySet in \crossref{overview} and link to \cite{Peterson2017} and \cite{Quesnelle2017}.
diff --git a/protocol/zcash.bib b/protocol/zcash.bib
index dd99a3b2..218b7ae7 100644
--- a/protocol/zcash.bib
+++ b/protocol/zcash.bib
@@ -75,6 +75,26 @@ Lecture Notes in Computer Science; Springer, 2013.},
 Last revised September~12, 2011.}
 }
+@misc{BLS2002,
+ presort={BLS2002},
+ author={Paulo Barreto and Ben Lynn and Michael Scott},
+ title={Constructing {E}lliptic {C}urves with {P}rescribed {E}mbedding {D}egrees},
+ url={https://eprint.iacr.org/2002/088},
+ urldate={2018-04-20},
+ howpublished={Cryptology ePrint Archive: Report 2002/088.
+Last revised February~22, 2005.}
+}
+
+@misc{BN2005,
+ presort={BN2005},
+ author={Paulo Barreto and Michael Naehrig},
+ title={Pairing-{F}riendly {E}lliptic {C}urves of {P}rime {O}rder},
+ url={https://eprint.iacr.org/2005/133},
+ urldate={2018-04-20},
+ howpublished={Cryptology ePrint Archive: Report 2005/133.
+Last revised February~28, 2006.}
+}
+
 @misc{Vercauter2009,
 presort={Vercauter2009},
 author={Frederik Vercauteren},